Privacy Shield: Who is it there to protect?

The EU’s scramble to replace the grossly abused Safe Harbour agreement with something more substantial has little to no hope of succeeding, according to privacy advocates.

Privacy Shield is the action-packed title for what will soon, one would think, replace Safe Harbour. For it, the European Commission (EC) has today provided the legal texts for how it should work.

The EC says EU citizens will – once this is pushed through – have greater powers of redress if and when their personal data is acquired underhandedly. EU commissioner Vĕra Jourová said there is “robust enforcement and monitoring”, which is nice, and there are “written assurances” from US partners to not abuse it.

European Digital Rights (EDRi), though, has been quick to criticise the news, claiming the EC’s handling of the Edward Snowden fallout has rendered any proposed text obsolete.

‘Nothing has changed’

“Two years, three months and two days after the Commission first recognised the illegality of current arrangements, barely anything has changed,” said Joe McNamee, executive director of the organisation.

McNamee argues that the previous self-certification scheme, which made bulk data collection easy, remains. The ombudsman put forth in Privacy Shield is irrelevant and the agreement between the EU and US is nothing more than a statement.

“Under Safe Harbour, the EC could have suspended the arrangement when it was recognised that it was not working but failed to do so. Under Privacy Shield, the EC promises to suspend the arrangement, if it is recognised that it is not working. What’s new?” he asks.

Look, over there!

All this plays out hours after news came from the US that it’s not just the NSA that will have blanket access to the information it garners through its endless projects, but other governmental agencies, too.

According to the The New York Times, Robert Litt, the ggeneral counselin the office of the Director of National Intelligence, said that the administration was fine-tuning a draft set of procedures to permit the sharing.

This is the same Litt that allegedly said last year that “the legislative environment is very hostile today” towards ending mass encryption of online messaging, “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement”.

So, as the EU drums up documentation on how to protect citizens’ data when it transfers it to the US, the US is openly planning ways to drastically increase the number of people with the ability to peer into that very data.

Closer to home

Beyond this, there are still the state surveillance bodies within the EU that require serious scrutiny, like the GCHQ in the UK. In the The New York Times report, it was noted that the data the US is trying to broaden access to is either acquired by the NSA “or provided by allies”.

Basically, this information can get through to US surveillance bodies regardless of EU-US agreements.

“The EC today issued the legal texts that will put in place the EU-US Privacy Shield, and a communication summarising the actions taken over the last years to restore trust in transatlantic data flows since the 2013 surveillance revelations.”

So reads the EU’s press release. “Restore trust”, not ensure safety; it’s all very ‘Marketing: 101’.